Q&A How I became (or did not become) a phishing victim.


Level 8
Thread author
Jun 11, 2019
The topic of phishing has been raised here earlier. But I am creating a topic not just for another discussion of this problem, but so that everyone can share an interesting story of how he became a victim of phishing, or how he was able to notice a deception at the last moment and not become a victim of phishing. In my life, I was able to avoid the trap at the last moment only once, although it was primitive :) Usually phishing emails come to my mail and immediately go to spam on the mail server, and if they end up in my inbox, then I I manually delete them right away. In social networks, scammers cannot write to me anything, since I set up my accounts only for communicating with those who are my friends, for strangers - a full block.
But one day I received a message from my old classmate at the academy, and she asked to help her in a contest of beautiful photos :) I have received similar requests from other friends before, and I called those who asked them to confirm that this was their request. And they always confirmed the request. But I didn’t have the phone of this particular acquaintance. I copied the link in the post and pasted it in another browser. The link immediately struck me as dubious, and the site to which it led was even more dubious. One web page with a large inscription at the top "COMPETITION" and two photographs: on the left - an unknown girl, on the right - my friend. Photos are taken from their accounts (profile photo). Under the photographs allegedly the counters of those who voted and the score 55-53 is not in favor of my friend :) Also under the photographs there are two "Vote" buttons. I pressed the button under the photo of my friend. Instead of changing the counter, I was thrown to some other page, where the site disguised as the authorization page of the social network asked me to enter a username and password so that the vote would be counted :) Confused several moments at once: 1) there are no hints at the social network at all in the page address. 2) the connection is not secure 3) the interface of the page is very different from the interface of the social network. Basically, I realized it was phishing, closed the fraudulent web pages and cleaned my browser. Surprisingly, while my brain was analyzing all these moments, my hands had already managed to fill in the login line :) That is, I was simultaneously evaluating the phishing page and filling out its form :) It's good that I didn't have time to fill in the password line :)
After a while, I found on one of the forums the story of a girl who wrote that she received a similar message asking for a competition, the same page of scammers, a counter, a redirect to authorization, only this girl filled out the form and sent her username and password. Then she received a message that an authorization error had occurred, and a minute later, on her official page, a message was sent to all her friends and subscribers asking for help in the competition, but on her own behalf and her own photo was already on the fraudulent page. Apparently, a bot program is working, which sends messages, changes photos, and also collects a huge database of logins and passwords of users of the social network.
Tell us your story: how did you or did not fall victim to phishing?